From 205ed2d2b58f9b93c7c665002aef0c775e64cf63 Mon Sep 17 00:00:00 2001 From: Duncan Laurie Date: Thu, 2 Jun 2016 15:23:42 -0700 Subject: skylake: Add function to set PRR for protecting flash Add a function similar to broadwell to set the PRR for a region of flash and protect it from writes. This is used to secure the MRC cache region if the SPI is write protected. BUG=chrome-os-partner:54003 BRANCH=glados TEST=boot on chell, verify PRR register is set and that the MRC cache region cannot be written if the SPI is write protected. Change-Id: I925ec9ce186f7adac327bca9c96255325b7f54ec Signed-off-by: Duncan Laurie Original-Commit-Id: abb6f645f5ceef3f52bb7afd2632212ea916ff8d Original-Change-Id: I2f90556a217b35b7c93645e41a1fcfe8070c53da Original-Signed-off-by: Duncan Laurie Original-Reviewed-on: https://chromium-review.googlesource.com/349274 Original-Reviewed-by: Shawn N Original-Reviewed-by: Aaron Durbin Original-Tested-by: Shawn N Reviewed-on: https://review.coreboot.org/15102 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin Reviewed-by: Leroy P Leahy Reviewed-by: Paul Menzel --- src/soc/intel/skylake/Kconfig | 1 + src/soc/intel/skylake/flash_controller.c | 37 ++++++++++++++++++++++++++++++++ src/soc/intel/skylake/include/soc/spi.h | 14 +++++++++++- 3 files changed, 51 insertions(+), 1 deletion(-) (limited to 'src/soc/intel/skylake') diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index 1ac0647a40..9278cf1aa2 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -25,6 +25,7 @@ config CPU_SPECIFIC_OPTIONS select MMCONF_SUPPORT select MMCONF_SUPPORT_DEFAULT select NO_FIXED_XIP_ROM_SIZE + select MRC_SETTINGS_PROTECT select PARALLEL_MP select PCIEXP_ASPM select PCIEXP_COMMON_CLOCK diff --git a/src/soc/intel/skylake/flash_controller.c b/src/soc/intel/skylake/flash_controller.c index 0af0484082..3507b471cc 100644 --- a/src/soc/intel/skylake/flash_controller.c +++ b/src/soc/intel/skylake/flash_controller.c @@ -386,6 +386,43 @@ struct spi_slave *spi_setup_slave(unsigned int bus, unsigned int cs) return slave; } +int spi_flash_protect(u32 start, u32 size) +{ + pch_spi_regs *spi_bar = get_spi_bar(); + u32 end = start + size - 1; + u32 reg; + int prr; + + if (!spi_bar) + return -1; + + /* Find first empty PRR */ + for (prr = 0; prr < SPI_PRR_MAX; prr++) { + reg = read32(&spi_bar->pr[prr]); + if (reg == 0) + break; + } + if (prr >= SPI_PRR_MAX) { + printk(BIOS_ERR, "ERROR: No SPI PRR free!\n"); + return -1; + } + + /* Set protected range base and limit */ + reg = SPI_PRR(start, end) | SPI_PRR_WPE; + + /* Set the PRR register and verify it is protected */ + write32(&spi_bar->pr[prr], reg); + reg = read32(&spi_bar->pr[prr]); + if (!(reg & SPI_PRR_WPE)) { + printk(BIOS_ERR, "ERROR: Unable to set SPI PRR %d\n", prr); + return -1; + } + + printk(BIOS_INFO, "%s: PRR %d is enabled for range 0x%08x-0x%08x\n", + __func__, prr, start, end); + return 0; +} + #if ENV_RAMSTAGE /* * spi_init() needs run unconditionally in every boot (including resume) to diff --git a/src/soc/intel/skylake/include/soc/spi.h b/src/soc/intel/skylake/include/soc/spi.h index 7991c1632a..c930b5818c 100644 --- a/src/soc/intel/skylake/include/soc/spi.h +++ b/src/soc/intel/skylake/include/soc/spi.h @@ -40,6 +40,17 @@ /* STRAP Data Register*/ #define SPIBAR_RESET_DATA 0xF8 +#define SPI_PRR_MAX 5 +#define SPI_PRR_SHIFT 12 +#define SPI_PRR_MASK 0x7fff +#define SPI_PRR_BASE_SHIFT 0 +#define SPI_PRR_LIMIT_SHIFT 16 +#define SPI_PRR_RPE (1 << 15) /* Read Protect */ +#define SPI_PRR_WPE (1 << 31) /* Write Protect */ +#define SPI_PRR(base, limit) \ + (((((limit) >> SPI_PRR_SHIFT) & SPI_PRR_MASK) << SPI_PRR_LIMIT_SHIFT) |\ + ((((base) >> SPI_PRR_SHIFT) & SPI_PRR_MASK) << SPI_PRR_BASE_SHIFT)) + #define SPI_OPMENU_0 0x01 /* WRSR: Write Status Register */ #define SPI_OPTYPE_0 0x01 /* Write, no address */ @@ -119,6 +130,7 @@ #define SPIBAR_BC_LE (1 << 2) #define SPIBAR_BC_WPD (1 << 0) - void *get_spi_bar(void); +int spi_flash_protect(u32 start, u32 size); + #endif -- cgit v1.2.3